//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2022 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

import Foundation
import SotoCore

extension SecurityLake {
    // MARK: Enums

    public enum AccessType: String, CustomStringConvertible, Codable, _SotoSendable {
        case lakeformation = "LAKEFORMATION"
        case s3 = "S3"
        public var description: String { return self.rawValue }
    }

    public enum AwsLogSourceType: String, CustomStringConvertible, Codable, _SotoSendable {
        case cloudTrail = "CLOUD_TRAIL"
        case route53 = "ROUTE53"
        case shFindings = "SH_FINDINGS"
        case vpcFlow = "VPC_FLOW"
        public var description: String { return self.rawValue }
    }

    public enum Dimension: String, CustomStringConvertible, Codable, _SotoSendable {
        case member = "MEMBER"
        case region = "REGION"
        case sourceType = "SOURCE_TYPE"
        public var description: String { return self.rawValue }
    }

    public enum EndpointProtocol: String, CustomStringConvertible, Codable, _SotoSendable {
        case https = "HTTPS"
        case sqs = "SQS"
        public var description: String { return self.rawValue }
    }

    public enum HttpsMethod: String, CustomStringConvertible, Codable, _SotoSendable {
        case post = "POST"
        case put = "PUT"
        public var description: String { return self.rawValue }
    }

    public enum OcsfEventClass: String, CustomStringConvertible, Codable, _SotoSendable {
        case accessActivity = "ACCESS_ACTIVITY"
        case accountChange = "ACCOUNT_CHANGE"
        case authentication = "AUTHENTICATION"
        case authorization = "AUTHORIZATION"
        case cloudApi = "CLOUD_API"
        case cloudStorage = "CLOUD_STORAGE"
        case configState = "CONFIG_STATE"
        case containerLifecycle = "CONTAINER_LIFECYCLE"
        case databaseLifecycle = "DATABASE_LIFECYCLE"
        case dhcpActivity = "DHCP_ACTIVITY"
        case dnsActivity = "DNS_ACTIVITY"
        case entityManagementAudit = "ENTITY_MANAGEMENT_AUDIT"
        case fileActivity = "FILE_ACTIVITY"
        case ftpActivity = "FTP_ACTIVITY"
        case httpActivity = "HTTP_ACTIVITY"
        case inventoryInfo = "INVENTORY_INFO"
        case kernelActivity = "KERNEL_ACTIVITY"
        case kernelExtension = "KERNEL_EXTENSION"
        case memoryActivity = "MEMORY_ACTIVITY"
        case moduleActivity = "MODULE_ACTIVITY"
        case networkActivity = "NETWORK_ACTIVITY"
        case processActivity = "PROCESS_ACTIVITY"
        case rdpActivity = "RDP_ACTIVITY"
        case registryKeyActivity = "REGISTRY_KEY_ACTIVITY"
        case registryValueActivity = "REGISTRY_VALUE_ACTIVITY"
        case resourceActivity = "RESOURCE_ACTIVITY"
        case rfbActivity = "RFB_ACTIVITY"
        case scheduledJobActivity = "SCHEDULED_JOB_ACTIVITY"
        case securityFinding = "SECURITY_FINDING"
        case smbActivity = "SMB_ACTIVITY"
        case smtpActivity = "SMTP_ACTIVITY"
        case sshActivity = "SSH_ACTIVITY"
        case virtualMachineActivity = "VIRTUAL_MACHINE_ACTIVITY"
        public var description: String { return self.rawValue }
    }

    public enum Region: String, CustomStringConvertible, Codable, _SotoSendable {
        case apNortheast1 = "ap-northeast-1"
        case apSoutheast2 = "ap-southeast-2"
        case euCentral1 = "eu-central-1"
        case euWest1 = "eu-west-1"
        case usEast1 = "us-east-1"
        case usEast2 = "us-east-2"
        case usWest2 = "us-west-2"
        public var description: String { return self.rawValue }
    }

    public enum SettingsStatus: String, CustomStringConvertible, Codable, _SotoSendable {
        case completed = "COMPLETED"
        case failed = "FAILED"
        case initialized = "INITIALIZED"
        case pending = "PENDING"
        public var description: String { return self.rawValue }
    }

    public enum SourceStatus: String, CustomStringConvertible, Codable, _SotoSendable {
        case active = "ACTIVE"
        case deactivated = "DEACTIVATED"
        case pending = "PENDING"
        public var description: String { return self.rawValue }
    }

    public enum StorageClass: String, CustomStringConvertible, Codable, _SotoSendable {
        case deepArchive = "DEEP_ARCHIVE"
        case expire = "EXPIRE"
        case glacier = "GLACIER"
        case glacierIr = "GLACIER_IR"
        case intelligentTiering = "INTELLIGENT_TIERING"
        case onezoneIa = "ONEZONE_IA"
        case standardIa = "STANDARD_IA"
        public var description: String { return self.rawValue }
    }

    public enum SubscriptionProtocolType: String, CustomStringConvertible, Codable, _SotoSendable {
        case app = "APP"
        case email = "EMAIL"
        case emailJson = "EMAIL_JSON"
        case firehose = "FIREHOSE"
        case http = "HTTP"
        case https = "HTTPS"
        case lambda = "LAMBDA"
        case sms = "SMS"
        case sqs = "SQS"
        public var description: String { return self.rawValue }
    }

    public enum SubscriptionStatus: String, CustomStringConvertible, Codable, _SotoSendable {
        case active = "ACTIVE"
        case deactivated = "DEACTIVATED"
        case pending = "PENDING"
        case ready = "READY"
        public var description: String { return self.rawValue }
    }

    public enum SourceType: AWSEncodableShape & AWSDecodableShape, _SotoSendable {
        /// Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
        case awsSourceType(AwsLogSourceType)
        /// Amazon Security Lake supports custom source types. For a detailed list, see the Amazon Security Lake User Guide.
        case customSourceType(String)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .awsSourceType:
                let value = try container.decode(AwsLogSourceType.self, forKey: .awsSourceType)
                self = .awsSourceType(value)
            case .customSourceType:
                let value = try container.decode(String.self, forKey: .customSourceType)
                self = .customSourceType(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .awsSourceType(let value):
                try container.encode(value, forKey: .awsSourceType)
            case .customSourceType(let value):
                try container.encode(value, forKey: .customSourceType)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .customSourceType(let value):
                try self.validate(value, name: "customSourceType", parent: name, pattern: "^[\\\\\\w\\-_:/.]*$")
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case awsSourceType
            case customSourceType
        }
    }

    // MARK: Shapes

    public struct AccountSources: AWSDecodableShape {
        /// The ID of the Security Lake account for which logs are collected.
        public let account: String
        /// Initializes a new instance of the Event class.
        public let eventClass: OcsfEventClass?
        /// The log status for the Security Lake account.
        public let logsStatus: [LogsStatus]?
        /// The supported Amazon Web Services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
        public let sourceType: String

        public init(account: String, eventClass: OcsfEventClass? = nil, logsStatus: [LogsStatus]? = nil, sourceType: String) {
            self.account = account
            self.eventClass = eventClass
            self.logsStatus = logsStatus
            self.sourceType = sourceType
        }

        private enum CodingKeys: String, CodingKey {
            case account
            case eventClass
            case logsStatus
            case sourceType
        }
    }

    public struct AutoEnableNewRegionConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// The Amazon Web Services Regions where Security Lake is automatically enabled.
        public let region: Region
        /// The Amazon Web Services sources that are automatically enabled in Security Lake.
        public let sources: [AwsLogSourceType]

        public init(region: Region, sources: [AwsLogSourceType]) {
            self.region = region
            self.sources = sources
        }

        private enum CodingKeys: String, CodingKey {
            case region
            case sources
        }
    }

    public struct CreateAwsLogSourceRequest: AWSEncodableShape {
        /// Enables data collection from specific Amazon Web Services sources in all specific accounts and specific Regions.
        public let enableAllDimensions: [String: [String: [String]]]?
        /// Enables data collection from all Amazon Web Services sources in specific accounts or Regions.
        public let enableSingleDimension: [String]?
        /// Enables data collection from specific Amazon Web Services sources in specific accounts or Regions.
        public let enableTwoDimensions: [String: [String]]?
        /// Specifies the input order to enable dimensions in Security Lake, namely Region, source type, and member account.
        public let inputOrder: [Dimension]

        public init(enableAllDimensions: [String: [String: [String]]]? = nil, enableSingleDimension: [String]? = nil, enableTwoDimensions: [String: [String]]? = nil, inputOrder: [Dimension]) {
            self.enableAllDimensions = enableAllDimensions
            self.enableSingleDimension = enableSingleDimension
            self.enableTwoDimensions = enableTwoDimensions
            self.inputOrder = inputOrder
        }

        public func validate(name: String) throws {
            try self.enableSingleDimension?.forEach {
                try validate($0, name: "enableSingleDimension[]", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case enableAllDimensions
            case enableSingleDimension
            case enableTwoDimensions
            case inputOrder
        }
    }

    public struct CreateAwsLogSourceResponse: AWSDecodableShape {
        /// Lists all accounts in which enabling a natively supported Amazon Web Service as a Security Lake source failed. The failure occurred as these accounts are not part of an organization.
        public let failed: [String]?
        /// Lists the accounts that are in the process of enabling a natively supported Amazon Web Service as a Security Lake source.
        public let processing: [String]?

        public init(failed: [String]? = nil, processing: [String]? = nil) {
            self.failed = failed
            self.processing = processing
        }

        private enum CodingKeys: String, CodingKey {
            case failed
            case processing
        }
    }

    public struct CreateCustomLogSourceRequest: AWSEncodableShape {
        /// The name for a third-party custom source. This must be a Regionally unique value.
        public let customSourceName: String
        /// The Open Cybersecurity Schema Framework (OCSF) event class which describes the type of data that the custom source will send to Security Lake.
        public let eventClass: OcsfEventClass
        /// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be used by the Glue crawler. The recommended IAM policies are:   The managed policy AWSGlueServiceRole    A custom policy granting access to your Amazon S3 Data Lake
        public let glueInvocationRoleArn: String
        /// The Amazon Web Services account ID of the custom source that will write logs and events into the Amazon S3 Data Lake.
        public let logProviderAccountId: String

        public init(customSourceName: String, eventClass: OcsfEventClass, glueInvocationRoleArn: String, logProviderAccountId: String) {
            self.customSourceName = customSourceName
            self.eventClass = eventClass
            self.glueInvocationRoleArn = glueInvocationRoleArn
            self.logProviderAccountId = logProviderAccountId
        }

        public func validate(name: String) throws {
            try self.validate(self.customSourceName, name: "customSourceName", parent: name, pattern: "^[\\\\\\w\\-_:/.]*$")
            try self.validate(self.glueInvocationRoleArn, name: "glueInvocationRoleArn", parent: name, pattern: "^arn:.*")
            try self.validate(self.logProviderAccountId, name: "logProviderAccountId", parent: name, max: 12)
            try self.validate(self.logProviderAccountId, name: "logProviderAccountId", parent: name, min: 12)
            try self.validate(self.logProviderAccountId, name: "logProviderAccountId", parent: name, pattern: "^\\d+$")
        }

        private enum CodingKeys: String, CodingKey {
            case customSourceName
            case eventClass
            case glueInvocationRoleArn
            case logProviderAccountId
        }
    }

    public struct CreateCustomLogSourceResponse: AWSDecodableShape {
        /// The location of the partition in the Amazon S3 bucket for Security Lake.
        public let customDataLocation: String
        /// The name of the Glue crawler.
        public let glueCrawlerName: String
        /// The Glue database where results are written, such as: arn:aws:daylight:us-east-1::database/sometable/*.
        public let glueDatabaseName: String
        /// The table name of the Glue crawler.
        public let glueTableName: String
        /// The ARN of the IAM role to be used by the entity putting logs into your custom source partition. Security Lake will apply the correct access policies to this role, but you must first manually create the trust policy for this role. The IAM role name must start with the text 'Security Lake'. The IAM role must trust the logProviderAccountId to assume the role.
        public let logProviderAccessRoleArn: String

        public init(customDataLocation: String, glueCrawlerName: String, glueDatabaseName: String, glueTableName: String, logProviderAccessRoleArn: String) {
            self.customDataLocation = customDataLocation
            self.glueCrawlerName = glueCrawlerName
            self.glueDatabaseName = glueDatabaseName
            self.glueTableName = glueTableName
            self.logProviderAccessRoleArn = logProviderAccessRoleArn
        }

        private enum CodingKeys: String, CodingKey {
            case customDataLocation
            case glueCrawlerName
            case glueDatabaseName
            case glueTableName
            case logProviderAccessRoleArn
        }
    }

    public struct CreateDatalakeAutoEnableRequest: AWSEncodableShape {
        /// Enable Security Lake with the specified configuration settings to begin collecting security data for new accounts in your organization.
        public let configurationForNewAccounts: [AutoEnableNewRegionConfiguration]

        public init(configurationForNewAccounts: [AutoEnableNewRegionConfiguration]) {
            self.configurationForNewAccounts = configurationForNewAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case configurationForNewAccounts
        }
    }

    public struct CreateDatalakeAutoEnableResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateDatalakeDelegatedAdminRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID of the Security Lake delegated administrator.
        public let account: String

        public init(account: String) {
            self.account = account
        }

        public func validate(name: String) throws {
            try self.validate(self.account, name: "account", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case account
        }
    }

    public struct CreateDatalakeDelegatedAdminResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateDatalakeExceptionsSubscriptionRequest: AWSEncodableShape {
        /// The Amazon Web Services account where you want to receive exception notifications.
        public let notificationEndpoint: String
        /// The subscription protocol to which exception notifications are posted.
        public let subscriptionProtocol: SubscriptionProtocolType

        public init(notificationEndpoint: String, subscriptionProtocol: SubscriptionProtocolType) {
            self.notificationEndpoint = notificationEndpoint
            self.subscriptionProtocol = subscriptionProtocol
        }

        public func validate(name: String) throws {
            try self.validate(self.notificationEndpoint, name: "notificationEndpoint", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case notificationEndpoint
            case subscriptionProtocol
        }
    }

    public struct CreateDatalakeExceptionsSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateDatalakeRequest: AWSEncodableShape {
        /// Specify the Region or Regions that will contribute data to the rollup region.
        public let configurations: [Region: LakeConfigurationRequest]?
        /// Enable Security Lake in all Regions.
        public let enableAll: Bool?
        /// The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
        public let metaStoreManagerRoleArn: String?
        /// Enable Security Lake in the specified Regions. To enable Security Lake in specific Amazon Web Services Regions, such as us-east-1 or ap-northeast-3, provide the Region codes. For a list of Region codes, see Amazon Security Lake endpoints in the Amazon Web Services General Reference.
        public let regions: [Region]?

        public init(configurations: [Region: LakeConfigurationRequest]? = nil, enableAll: Bool? = nil, metaStoreManagerRoleArn: String? = nil, regions: [Region]? = nil) {
            self.configurations = configurations
            self.enableAll = enableAll
            self.metaStoreManagerRoleArn = metaStoreManagerRoleArn
            self.regions = regions
        }

        public func validate(name: String) throws {
            try self.configurations?.forEach {
                try $0.value.validate(name: "\(name).configurations[\"\($0.key)\"]")
            }
            try self.validate(self.metaStoreManagerRoleArn, name: "metaStoreManagerRoleArn", parent: name, pattern: "^arn:.*")
        }

        private enum CodingKeys: String, CodingKey {
            case configurations
            case enableAll
            case metaStoreManagerRoleArn
            case regions
        }
    }

    public struct CreateDatalakeResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateSubscriberRequest: AWSEncodableShape {
        /// The Amazon S3 or Lake Formation access type.
        public let accessTypes: [AccessType]?
        /// The Amazon Web Services account ID used to access your data.
        public let accountId: String
        /// The external ID of the subscriber. This lets the user that is assuming the role assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.
        public let externalId: String
        /// The supported Amazon Web Services from which logs and events are collected. Security Lake supports log and event collection for natively supported Amazon Web Services.
        public let sourceTypes: [SourceType]
        /// The description for your subscriber account in Security Lake.
        public let subscriberDescription: String?
        /// The name of your Security Lake subscriber account.
        public let subscriberName: String

        public init(accessTypes: [AccessType]? = nil, accountId: String, externalId: String, sourceTypes: [SourceType], subscriberDescription: String? = nil, subscriberName: String) {
            self.accessTypes = accessTypes
            self.accountId = accountId
            self.externalId = externalId
            self.sourceTypes = sourceTypes
            self.subscriberDescription = subscriberDescription
            self.subscriberName = subscriberName
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, min: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d+$")
            try self.validate(self.externalId, name: "externalId", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            try self.sourceTypes.forEach {
                try $0.validate(name: "\(name).sourceTypes[]")
            }
            try self.validate(self.subscriberDescription, name: "subscriberDescription", parent: name, pattern: "^[\\\\\\w\\s\\-_:/,.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessTypes
            case accountId
            case externalId
            case sourceTypes
            case subscriberDescription
            case subscriberName
        }
    }

    public struct CreateSubscriberResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see IAM identifiers in the Identity and Access Management (IAM) User Guide. .
        public let roleArn: String?
        /// The ARN for the Amazon S3 bucket.
        public let s3BucketArn: String?
        /// The ARN for the Amazon Simple Notification Service.
        public let snsArn: String?
        /// The subscriptionId created by the CreateSubscriber API call.
        public let subscriptionId: String

        public init(roleArn: String? = nil, s3BucketArn: String? = nil, snsArn: String? = nil, subscriptionId: String) {
            self.roleArn = roleArn
            self.s3BucketArn = s3BucketArn
            self.snsArn = snsArn
            self.subscriptionId = subscriptionId
        }

        private enum CodingKeys: String, CodingKey {
            case roleArn
            case s3BucketArn
            case snsArn
            case subscriptionId
        }
    }

    public struct CreateSubscriptionNotificationConfigurationRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "subscriptionId", location: .uri("subscriptionId"))
        ]

        /// Create an Amazon Simple Queue Service queue.
        public let createSqs: Bool?
        /// The key name for the notification subscription.
        public let httpsApiKeyName: String?
        /// The key value for the notification subscription.
        public let httpsApiKeyValue: String?
        /// The HTTPS method used for the notification subscription.
        public let httpsMethod: HttpsMethod?
        /// The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created.
        public let roleArn: String?
        /// The subscription endpoint in Security Lake. If you prefer notification with an HTTPs endpoint, populate this field.
        public let subscriptionEndpoint: String?
        /// The subscription ID for the notification subscription/
        public let subscriptionId: String

        public init(createSqs: Bool? = nil, httpsApiKeyName: String? = nil, httpsApiKeyValue: String? = nil, httpsMethod: HttpsMethod? = nil, roleArn: String? = nil, subscriptionEndpoint: String? = nil, subscriptionId: String) {
            self.createSqs = createSqs
            self.httpsApiKeyName = httpsApiKeyName
            self.httpsApiKeyValue = httpsApiKeyValue
            self.httpsMethod = httpsMethod
            self.roleArn = roleArn
            self.subscriptionEndpoint = subscriptionEndpoint
            self.subscriptionId = subscriptionId
        }

        public func validate(name: String) throws {
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:.*")
            try self.validate(self.subscriptionId, name: "subscriptionId", parent: name, pattern: "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}")
        }

        private enum CodingKeys: String, CodingKey {
            case createSqs
            case httpsApiKeyName
            case httpsApiKeyValue
            case httpsMethod
            case roleArn
            case subscriptionEndpoint
        }
    }

    public struct CreateSubscriptionNotificationConfigurationResponse: AWSDecodableShape {
        /// Returns the Amazon Resource Name (ARN) of the queue.
        public let queueArn: String?

        public init(queueArn: String? = nil) {
            self.queueArn = queueArn
        }

        private enum CodingKeys: String, CodingKey {
            case queueArn
        }
    }

    public struct DeleteAwsLogSourceRequest: AWSEncodableShape {
        /// Removes the specific Amazon Web Services sources from specific accounts and specific Regions.
        public let disableAllDimensions: [String: [String: [String]]]?
        /// Removes all Amazon Web Services sources from specific accounts or Regions.
        public let disableSingleDimension: [String]?
        /// Remove a specific Amazon Web Services source from specific accounts or Regions.
        public let disableTwoDimensions: [String: [String]]?
        /// This is a mandatory input. Specify the input order to disable dimensions in Security Lake, namely Region (Amazon Web Services Region code, source type, and member (account ID of a specific Amazon Web Services account).
        public let inputOrder: [Dimension]

        public init(disableAllDimensions: [String: [String: [String]]]? = nil, disableSingleDimension: [String]? = nil, disableTwoDimensions: [String: [String]]? = nil, inputOrder: [Dimension]) {
            self.disableAllDimensions = disableAllDimensions
            self.disableSingleDimension = disableSingleDimension
            self.disableTwoDimensions = disableTwoDimensions
            self.inputOrder = inputOrder
        }

        public func validate(name: String) throws {
            try self.disableSingleDimension?.forEach {
                try validate($0, name: "disableSingleDimension[]", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case disableAllDimensions
            case disableSingleDimension
            case disableTwoDimensions
            case inputOrder
        }
    }

    public struct DeleteAwsLogSourceResponse: AWSDecodableShape {
        /// Deletion of the Amazon Web Services sources failed as the account is not a part of the organization.
        public let failed: [String]?
        /// Deletion of the Amazon Web Services sources is in progress.
        public let processing: [String]?

        public init(failed: [String]? = nil, processing: [String]? = nil) {
            self.failed = failed
            self.processing = processing
        }

        private enum CodingKeys: String, CodingKey {
            case failed
            case processing
        }
    }

    public struct DeleteCustomLogSourceRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "customSourceName", location: .querystring("customSourceName"))
        ]

        /// The custom source name for the custom log source.
        public let customSourceName: String

        public init(customSourceName: String) {
            self.customSourceName = customSourceName
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteCustomLogSourceResponse: AWSDecodableShape {
        /// The location of the partition in the Amazon S3 bucket for Security Lake.
        public let customDataLocation: String

        public init(customDataLocation: String) {
            self.customDataLocation = customDataLocation
        }

        private enum CodingKeys: String, CodingKey {
            case customDataLocation
        }
    }

    public struct DeleteDatalakeAutoEnableRequest: AWSEncodableShape {
        /// Delete Amazon Security Lake with the specified configuration settings to stop ingesting security data for new accounts in Security Lake.
        public let removeFromConfigurationForNewAccounts: [AutoEnableNewRegionConfiguration]

        public init(removeFromConfigurationForNewAccounts: [AutoEnableNewRegionConfiguration]) {
            self.removeFromConfigurationForNewAccounts = removeFromConfigurationForNewAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case removeFromConfigurationForNewAccounts
        }
    }

    public struct DeleteDatalakeAutoEnableResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteDatalakeDelegatedAdminRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "account", location: .uri("account"))
        ]

        /// The account ID the Security Lake delegated administrator.
        public let account: String

        public init(account: String) {
            self.account = account
        }

        public func validate(name: String) throws {
            try self.validate(self.account, name: "account", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteDatalakeDelegatedAdminResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteDatalakeExceptionsSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DeleteDatalakeExceptionsSubscriptionResponse: AWSDecodableShape {
        /// Retrieves the status of the delete Security Lake operation for an account.
        public let status: String

        public init(status: String) {
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case status
        }
    }

    public struct DeleteDatalakeRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DeleteDatalakeResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteSubscriberRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "id", location: .querystring("id"))
        ]

        /// A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
        public let id: String

        public init(id: String) {
            self.id = id
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteSubscriberResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteSubscriptionNotificationConfigurationRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "subscriptionId", location: .uri("subscriptionId"))
        ]

        /// The ID of the Security Lake subscriber account.
        public let subscriptionId: String

        public init(subscriptionId: String) {
            self.subscriptionId = subscriptionId
        }

        public func validate(name: String) throws {
            try self.validate(self.subscriptionId, name: "subscriptionId", parent: name, pattern: "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteSubscriptionNotificationConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct Failures: AWSDecodableShape {
        /// List of all exception messages.
        public let exceptionMessage: String
        /// List of all remediation steps for failures.
        public let remediation: String
        /// This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
        public let timestamp: Date

        public init(exceptionMessage: String, remediation: String, timestamp: Date) {
            self.exceptionMessage = exceptionMessage
            self.remediation = remediation
            self.timestamp = timestamp
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionMessage
            case remediation
            case timestamp
        }
    }

    public struct FailuresResponse: AWSDecodableShape {
        /// List of all failures.
        public let failures: [Failures]?
        /// List of Amazon Web Services Regions where the failure occurred.
        public let region: String?

        public init(failures: [Failures]? = nil, region: String? = nil) {
            self.failures = failures
            self.region = region
        }

        private enum CodingKeys: String, CodingKey {
            case failures
            case region
        }
    }

    public struct GetDatalakeAutoEnableRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDatalakeAutoEnableResponse: AWSDecodableShape {
        /// The configuration for new accounts.
        public let autoEnableNewAccounts: [AutoEnableNewRegionConfiguration]

        public init(autoEnableNewAccounts: [AutoEnableNewRegionConfiguration]) {
            self.autoEnableNewAccounts = autoEnableNewAccounts
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableNewAccounts
        }
    }

    public struct GetDatalakeExceptionsExpiryRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDatalakeExceptionsExpiryResponse: AWSDecodableShape {
        /// The expiration period and time-to-live (TTL).
        public let exceptionMessageExpiry: Int64

        public init(exceptionMessageExpiry: Int64) {
            self.exceptionMessageExpiry = exceptionMessageExpiry
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionMessageExpiry
        }
    }

    public struct GetDatalakeExceptionsSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDatalakeExceptionsSubscriptionResponse: AWSDecodableShape {
        /// Retrieves the exception notification subscription information.
        public let protocolAndNotificationEndpoint: ProtocolAndNotificationEndpoint

        public init(protocolAndNotificationEndpoint: ProtocolAndNotificationEndpoint) {
            self.protocolAndNotificationEndpoint = protocolAndNotificationEndpoint
        }

        private enum CodingKeys: String, CodingKey {
            case protocolAndNotificationEndpoint
        }
    }

    public struct GetDatalakeRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDatalakeResponse: AWSDecodableShape {
        /// Retrieves the Security Lake configuration object.
        public let configurations: [Region: LakeConfigurationResponse]

        public init(configurations: [Region: LakeConfigurationResponse]) {
            self.configurations = configurations
        }

        private enum CodingKeys: String, CodingKey {
            case configurations
        }
    }

    public struct GetDatalakeStatusRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
        public let accountSet: [String]?
        /// The maximum limit of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.
        public let maxAccountResults: Int?
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.  Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?

        public init(accountSet: [String]? = nil, maxAccountResults: Int? = nil, nextToken: String? = nil) {
            self.accountSet = accountSet
            self.maxAccountResults = maxAccountResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.accountSet?.forEach {
                try validate($0, name: "accountSet[]", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            }
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountSet
            case maxAccountResults
            case nextToken
        }
    }

    public struct GetDatalakeStatusResponse: AWSDecodableShape {
        /// The list of enabled accounts and enabled sources.
        public let accountSourcesList: [AccountSources]
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.  Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?

        public init(accountSourcesList: [AccountSources], nextToken: String? = nil) {
            self.accountSourcesList = accountSourcesList
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case accountSourcesList
            case nextToken
        }
    }

    public struct GetSubscriberRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "id", location: .uri("id"))
        ]

        /// A value created by Amazon Security Lake that uniquely identifies your GetSubscriber API request.
        public let id: String

        public init(id: String) {
            self.id = id
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetSubscriberResponse: AWSDecodableShape {
        /// The subscription information for the specified subscription ID.
        public let subscriber: SubscriberResource?

        public init(subscriber: SubscriberResource? = nil) {
            self.subscriber = subscriber
        }

        private enum CodingKeys: String, CodingKey {
            case subscriber
        }
    }

    public struct LakeConfigurationRequest: AWSEncodableShape {
        /// The type of encryption key used by Amazon Security Lake to encrypt the Security Lake configuration object.
        public let encryptionKey: String?
        /// Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket. Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.
        public let replicationDestinationRegions: [Region]?
        /// Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
        public let replicationRoleArn: String?
        /// Retention settings for the destination Amazon S3 buckets.
        public let retentionSettings: [RetentionSetting]?
        /// A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define.
        public let tagsMap: [String: String]?

        public init(encryptionKey: String? = nil, replicationDestinationRegions: [Region]? = nil, replicationRoleArn: String? = nil, retentionSettings: [RetentionSetting]? = nil, tagsMap: [String: String]? = nil) {
            self.encryptionKey = encryptionKey
            self.replicationDestinationRegions = replicationDestinationRegions
            self.replicationRoleArn = replicationRoleArn
            self.retentionSettings = retentionSettings
            self.tagsMap = tagsMap
        }

        public func validate(name: String) throws {
            try self.validate(self.replicationRoleArn, name: "replicationRoleArn", parent: name, pattern: "^arn:.*")
        }

        private enum CodingKeys: String, CodingKey {
            case encryptionKey
            case replicationDestinationRegions
            case replicationRoleArn
            case retentionSettings
            case tagsMap
        }
    }

    public struct LakeConfigurationResponse: AWSDecodableShape {
        /// The type of encryption key used by secure the Security Lake configuration object.
        public let encryptionKey: String?
        /// Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket. Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.
        public let replicationDestinationRegions: [Region]?
        /// Replication settings for the Amazon S3 buckets. This parameter uses the IAM role you created that is managed by Security Lake, to ensure the replication setting is correct.
        public let replicationRoleArn: String?
        /// Retention settings for the destination Amazon S3 buckets.
        public let retentionSettings: [RetentionSetting]?
        /// Amazon Resource Names (ARNs) uniquely identify Amazon Web Services resources. Security Lake requires an ARN when you need to specify a resource unambiguously across all of Amazon Web Services, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
        public let s3BucketArn: String?
        /// Retrieves the status of the configuration operation for an account in Amazon Security Lake.
        public let status: SettingsStatus?
        /// A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define.
        public let tagsMap: [String: String]?

        public init(encryptionKey: String? = nil, replicationDestinationRegions: [Region]? = nil, replicationRoleArn: String? = nil, retentionSettings: [RetentionSetting]? = nil, s3BucketArn: String? = nil, status: SettingsStatus? = nil, tagsMap: [String: String]? = nil) {
            self.encryptionKey = encryptionKey
            self.replicationDestinationRegions = replicationDestinationRegions
            self.replicationRoleArn = replicationRoleArn
            self.retentionSettings = retentionSettings
            self.s3BucketArn = s3BucketArn
            self.status = status
            self.tagsMap = tagsMap
        }

        private enum CodingKeys: String, CodingKey {
            case encryptionKey
            case replicationDestinationRegions
            case replicationRoleArn
            case retentionSettings
            case s3BucketArn
            case status
            case tagsMap
        }
    }

    public struct ListDatalakeExceptionsRequest: AWSEncodableShape {
        /// List the maximum number of failures in Security Lake.
        public let maxFailures: Int?
        /// List if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.  Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?
        /// List the Amazon Web Services Regions from which exceptions are retrieved.
        public let regionSet: [Region]?

        public init(maxFailures: Int? = nil, nextToken: String? = nil, regionSet: [Region]? = nil) {
            self.maxFailures = maxFailures
            self.nextToken = nextToken
            self.regionSet = regionSet
        }

        public func validate(name: String) throws {
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxFailures
            case nextToken
            case regionSet
        }
    }

    public struct ListDatalakeExceptionsResponse: AWSDecodableShape {
        /// List if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.  Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?
        /// Lists the failures that cannot be retried in the current Region.
        public let nonRetryableFailures: [FailuresResponse]

        public init(nextToken: String? = nil, nonRetryableFailures: [FailuresResponse]) {
            self.nextToken = nextToken
            self.nonRetryableFailures = nonRetryableFailures
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken
            case nonRetryableFailures
        }
    }

    public struct ListLogSourcesRequest: AWSEncodableShape {
        /// Lists the log sources in input order, namely Region, source type, and member account.
        public let inputOrder: [Dimension]?
        /// List the view of log sources for enabled Amazon Security Lake accounts for specific Amazon Web Services sources from specific accounts and specific Regions.
        public let listAllDimensions: [String: [String: [String]]]?
        /// List the view of log sources for enabled Security Lake accounts for all Amazon Web Services sources from specific accounts or specific Regions.
        public let listSingleDimension: [String]?
        /// Lists the view of log sources for enabled Security Lake accounts for specific Amazon Web Services sources from specific accounts or specific Regions.
        public let listTwoDimensions: [String: [String]]?
        /// The maximum number of accounts for which the log sources are displayed.
        public let maxResults: Int?
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?

        public init(inputOrder: [Dimension]? = nil, listAllDimensions: [String: [String: [String]]]? = nil, listSingleDimension: [String]? = nil, listTwoDimensions: [String: [String]]? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.inputOrder = inputOrder
            self.listAllDimensions = listAllDimensions
            self.listSingleDimension = listSingleDimension
            self.listTwoDimensions = listTwoDimensions
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.listSingleDimension?.forEach {
                try validate($0, name: "listSingleDimension[]", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            }
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case inputOrder
            case listAllDimensions
            case listSingleDimension
            case listTwoDimensions
            case maxResults
            case nextToken
        }
    }

    public struct ListLogSourcesResponse: AWSDecodableShape {
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?
        /// Lists the log sources by Regions for enabled Security Lake accounts.
        public let regionSourceTypesAccountsList: [[String: [String: [String]]]]

        public init(nextToken: String? = nil, regionSourceTypesAccountsList: [[String: [String: [String]]]]) {
            self.nextToken = nextToken
            self.regionSourceTypesAccountsList = regionSourceTypesAccountsList
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken
            case regionSourceTypesAccountsList
        }
    }

    public struct ListSubscribersRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "maxResults", location: .querystring("maxResults")),
            AWSMemberEncoding(label: "nextToken", location: .querystring("nextToken"))
        ]

        /// The maximum number of accounts for which the configuration is displayed.
        public let maxResults: Int?
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?

        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListSubscribersResponse: AWSDecodableShape {
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?
        /// The subscribers available for the specified Security Lake account ID.
        public let subscribers: [SubscriberResource]

        public init(nextToken: String? = nil, subscribers: [SubscriberResource]) {
            self.nextToken = nextToken
            self.subscribers = subscribers
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken
            case subscribers
        }
    }

    public struct LogsStatus: AWSDecodableShape {
        /// The health status of services, including error codes and patterns.
        public let healthStatus: SourceStatus
        /// Defines path the stored logs are available which has information on your systems, applications, and services.
        public let pathToLogs: String

        public init(healthStatus: SourceStatus, pathToLogs: String) {
            self.healthStatus = healthStatus
            self.pathToLogs = pathToLogs
        }

        private enum CodingKeys: String, CodingKey {
            case healthStatus
            case pathToLogs
        }
    }

    public struct ProtocolAndNotificationEndpoint: AWSDecodableShape {
        /// The account that is subscribed to receive exception notifications.
        public let endpoint: String?
        /// The protocol to which notification messages are posted.
        public let `protocol`: String?

        public init(endpoint: String? = nil, protocol: String? = nil) {
            self.endpoint = endpoint
            self.`protocol` = `protocol`
        }

        private enum CodingKeys: String, CodingKey {
            case endpoint
            case `protocol`
        }
    }

    public struct RetentionSetting: AWSEncodableShape & AWSDecodableShape {
        /// The retention period specifies a fixed period of time during which the Security Lake object remains locked. You can specify the retention period in days for one or more sources.
        public let retentionPeriod: Int?
        /// The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
        public let storageClass: StorageClass?

        public init(retentionPeriod: Int? = nil, storageClass: StorageClass? = nil) {
            self.retentionPeriod = retentionPeriod
            self.storageClass = storageClass
        }

        private enum CodingKeys: String, CodingKey {
            case retentionPeriod
            case storageClass
        }
    }

    public struct SubscriberResource: AWSDecodableShape {
        /// You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.  Subscribers can consume data by directly querying Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as LAKEFORMATION.
        public let accessTypes: [AccessType]?
        /// The Amazon Web Services account ID you are using to create your Amazon Security Lake account.
        public let accountId: String
        /// The date and time when the subscription was created.
        public let createdAt: Date?
        /// The external ID of the subscriber. The external ID lets the user that is assuming the role assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.
        public let externalId: String?
        /// The Amazon Resource Name (ARN) specifying the role of the subscriber.
        public let roleArn: String?
        /// The ARN for the Amazon S3 bucket.
        public let s3BucketArn: String?
        /// The ARN for the Amazon Simple Notification Service.
        public let snsArn: String?
        /// Amazon Security Lake supports log and event collection for natively supported Amazon Web Services. For more information, see the Amazon Security Lake User Guide.
        public let sourceTypes: [SourceType]
        /// The subscriber descriptions for a subscriber account. The description for a subscriber includes subscriberName, accountID, externalID, and subscriptionId.
        public let subscriberDescription: String?
        /// The name of your Amazon Security Lake subscriber account.
        public let subscriberName: String?
        /// The subscription endpoint to which exception messages are posted.
        public let subscriptionEndpoint: String?
        /// The subscription ID of the Amazon Security Lake subscriber account.
        public let subscriptionId: String
        /// The subscription protocol to which exception messages are posted.
        public let subscriptionProtocol: EndpointProtocol?
        /// The subscription status of the Amazon Security Lake subscriber account.
        public let subscriptionStatus: SubscriptionStatus?
        /// The date and time when the subscription was created.
        public let updatedAt: Date?

        public init(accessTypes: [AccessType]? = nil, accountId: String, createdAt: Date? = nil, externalId: String? = nil, roleArn: String? = nil, s3BucketArn: String? = nil, snsArn: String? = nil, sourceTypes: [SourceType], subscriberDescription: String? = nil, subscriberName: String? = nil, subscriptionEndpoint: String? = nil, subscriptionId: String, subscriptionProtocol: EndpointProtocol? = nil, subscriptionStatus: SubscriptionStatus? = nil, updatedAt: Date? = nil) {
            self.accessTypes = accessTypes
            self.accountId = accountId
            self.createdAt = createdAt
            self.externalId = externalId
            self.roleArn = roleArn
            self.s3BucketArn = s3BucketArn
            self.snsArn = snsArn
            self.sourceTypes = sourceTypes
            self.subscriberDescription = subscriberDescription
            self.subscriberName = subscriberName
            self.subscriptionEndpoint = subscriptionEndpoint
            self.subscriptionId = subscriptionId
            self.subscriptionProtocol = subscriptionProtocol
            self.subscriptionStatus = subscriptionStatus
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accessTypes
            case accountId
            case createdAt
            case externalId
            case roleArn
            case s3BucketArn
            case snsArn
            case sourceTypes
            case subscriberDescription
            case subscriberName
            case subscriptionEndpoint
            case subscriptionId
            case subscriptionProtocol
            case subscriptionStatus
            case updatedAt
        }
    }

    public struct UpdateDatalakeExceptionsExpiryRequest: AWSEncodableShape {
        /// The time-to-live (TTL) for the exception message to remain.
        public let exceptionMessageExpiry: Int64

        public init(exceptionMessageExpiry: Int64) {
            self.exceptionMessageExpiry = exceptionMessageExpiry
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionMessageExpiry
        }
    }

    public struct UpdateDatalakeExceptionsExpiryResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateDatalakeExceptionsSubscriptionRequest: AWSEncodableShape {
        /// The account that is subscribed to receive exception notifications.
        public let notificationEndpoint: String
        /// The subscription protocol to which exception messages are posted.
        public let subscriptionProtocol: SubscriptionProtocolType

        public init(notificationEndpoint: String, subscriptionProtocol: SubscriptionProtocolType) {
            self.notificationEndpoint = notificationEndpoint
            self.subscriptionProtocol = subscriptionProtocol
        }

        public func validate(name: String) throws {
            try self.validate(self.notificationEndpoint, name: "notificationEndpoint", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case notificationEndpoint
            case subscriptionProtocol
        }
    }

    public struct UpdateDatalakeExceptionsSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateDatalakeRequest: AWSEncodableShape {
        /// Specify the Region or Regions that will contribute data to the rollup region.
        public let configurations: [Region: LakeConfigurationRequest]

        public init(configurations: [Region: LakeConfigurationRequest]) {
            self.configurations = configurations
        }

        public func validate(name: String) throws {
            try self.configurations.forEach {
                try $0.value.validate(name: "\(name).configurations[\"\($0.key)\"]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case configurations
        }
    }

    public struct UpdateDatalakeResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateSubscriberRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "id", location: .uri("id"))
        ]

        /// The external ID of the Security Lake account.
        public let externalId: String?
        /// A value created by Security Lake that uniquely identifies your subscription.
        public let id: String
        /// The supported Amazon Web Services from which logs and events are collected. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
        public let sourceTypes: [SourceType]
        /// The description of the Security Lake account subscriber.
        public let subscriberDescription: String?
        /// The name of the Security Lake account subscriber.
        public let subscriberName: String?

        public init(externalId: String? = nil, id: String, sourceTypes: [SourceType], subscriberDescription: String? = nil, subscriberName: String? = nil) {
            self.externalId = externalId
            self.id = id
            self.sourceTypes = sourceTypes
            self.subscriberDescription = subscriberDescription
            self.subscriberName = subscriberName
        }

        public func validate(name: String) throws {
            try self.validate(self.externalId, name: "externalId", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            try self.sourceTypes.forEach {
                try $0.validate(name: "\(name).sourceTypes[]")
            }
            try self.validate(self.subscriberDescription, name: "subscriberDescription", parent: name, pattern: "^[\\\\\\w\\s\\-_:/,.@=+]*$")
            try self.validate(self.subscriberName, name: "subscriberName", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case externalId
            case sourceTypes
            case subscriberDescription
            case subscriberName
        }
    }

    public struct UpdateSubscriberResponse: AWSDecodableShape {
        /// The account of the subscriber.
        public let subscriber: SubscriberResource?

        public init(subscriber: SubscriberResource? = nil) {
            self.subscriber = subscriber
        }

        private enum CodingKeys: String, CodingKey {
            case subscriber
        }
    }

    public struct UpdateSubscriptionNotificationConfigurationRequest: AWSEncodableShape {
        public static var _encoding = [
            AWSMemberEncoding(label: "subscriptionId", location: .uri("subscriptionId"))
        ]

        /// Create a new subscription notification for the specified subscription ID in Amazon Security Lake.
        public let createSqs: Bool?
        /// The key name for the subscription notification.
        public let httpsApiKeyName: String?
        /// The key value for the subscription notification.
        public let httpsApiKeyValue: String?
        /// The HTTPS method used for the subscription notification.
        public let httpsMethod: HttpsMethod?
        /// The Amazon Resource Name (ARN) specifying the role of the subscriber.
        public let roleArn: String?
        /// The subscription endpoint in Security Lake.
        public let subscriptionEndpoint: String?
        /// The subscription ID for which the subscription notification is specified.
        public let subscriptionId: String

        public init(createSqs: Bool? = nil, httpsApiKeyName: String? = nil, httpsApiKeyValue: String? = nil, httpsMethod: HttpsMethod? = nil, roleArn: String? = nil, subscriptionEndpoint: String? = nil, subscriptionId: String) {
            self.createSqs = createSqs
            self.httpsApiKeyName = httpsApiKeyName
            self.httpsApiKeyValue = httpsApiKeyValue
            self.httpsMethod = httpsMethod
            self.roleArn = roleArn
            self.subscriptionEndpoint = subscriptionEndpoint
            self.subscriptionId = subscriptionId
        }

        public func validate(name: String) throws {
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:.*")
            try self.validate(self.subscriptionId, name: "subscriptionId", parent: name, pattern: "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}")
        }

        private enum CodingKeys: String, CodingKey {
            case createSqs
            case httpsApiKeyName
            case httpsApiKeyValue
            case httpsMethod
            case roleArn
            case subscriptionEndpoint
        }
    }

    public struct UpdateSubscriptionNotificationConfigurationResponse: AWSDecodableShape {
        /// Returns the ARN of the queue.
        public let queueArn: String?

        public init(queueArn: String? = nil) {
            self.queueArn = queueArn
        }

        private enum CodingKeys: String, CodingKey {
            case queueArn
        }
    }
}

// MARK: - Errors

/// Error enum for SecurityLake
public struct SecurityLakeErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case accountNotFoundException = "AccountNotFoundException"
        case bucketNotFoundException = "BucketNotFoundException"
        case concurrentModificationException = "ConcurrentModificationException"
        case conflictException = "ConflictException"
        case conflictSourceNamesException = "ConflictSourceNamesException"
        case conflictSubscriptionException = "ConflictSubscriptionException"
        case eventBridgeException = "EventBridgeException"
        case internalServerException = "InternalServerException"
        case invalidInputException = "InvalidInputException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case s3Exception = "S3Exception"
        case serviceQuotaExceededException = "ServiceQuotaExceededException"
        case throttlingException = "ThrottlingException"
        case validationException = "ValidationException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize SecurityLake
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you specified, or the account whose credentials you used to make this request isn&#39;t a member of an organization.
    public static var accountNotFoundException: Self { .init(.accountNotFoundException) }
    /// Amazon Security Lake  generally returns 404 errors if the requested object is missing from the bucket.
    public static var bucketNotFoundException: Self { .init(.bucketNotFoundException) }
    /// More than one process tried to modify a resource at the same time.
    public static var concurrentModificationException: Self { .init(.concurrentModificationException) }
    /// Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
    public static var conflictException: Self { .init(.conflictException) }
    /// There was a conflict when you attempted to modify a Security Lake source name.
    public static var conflictSourceNamesException: Self { .init(.conflictSourceNamesException) }
    /// A conflicting subscription exception operation is in progress.
    public static var conflictSubscriptionException: Self { .init(.conflictSubscriptionException) }
    /// Represents an error interacting with the Amazon EventBridge service.
    public static var eventBridgeException: Self { .init(.eventBridgeException) }
    /// Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// The request was rejected because a value that&#39;s not valid or is out of range was supplied for an input parameter.
    public static var invalidInputException: Self { .init(.invalidInputException) }
    /// The resource could not be found.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to the Amazon S3 extended request ID. If Amazon S3 is incorrectly handling a request and you need to contact Amazon, this extended request ID may provide useful debugging information.
    public static var s3Exception: Self { .init(.s3Exception) }
    /// You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
    public static var serviceQuotaExceededException: Self { .init(.serviceQuotaExceededException) }
    /// The limit on the number of requests per second was exceeded.
    public static var throttlingException: Self { .init(.throttlingException) }
    /// Your signing certificate could not be validated.
    public static var validationException: Self { .init(.validationException) }
}

extension SecurityLakeErrorType: Equatable {
    public static func == (lhs: SecurityLakeErrorType, rhs: SecurityLakeErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension SecurityLakeErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
